New PHP Security and Authentication Framework

February 25, 2010

Introducing the MDBitz Security and Authentication Framework for PHP. I have always had an issue with any PHP Security or Authentication Framework or library that I have utilized in past projects. That is why I am developing my own comprehensive Security and Authentication Framework.

I am building this framework from the ground up keeping all security risks and precautions in mind, from Session Hijacking, SQl-Injection, and Shared Hosting Vulnerabilities. The project currently is still in its infancy but I am actively working to make it the one source for easily securing your website and content without forcing you to learn a new system to work in.

Features

User Authentication & Timeout

The MDSecurity contains the capability to provide authentication of the user’s IP Address, Browser Agent, and Max Attempts. These are fully configurable allowing you to easily determine what you want to verify. In addition MDSecurity allows you to set both a session timeout and a request timeout allowing you to define how long a session is valid for and when to invalidate the session upon inactivity of the user.

Session Handlers

The MDSecurity framework contains built in Session Handlers that you can configure to modify how PHP saves your users’ session information. Currently you can specify a new file path, or configure your session information to be saved into a database.

Encryption

Built into the library are Encryption functionality that can be utilized both at the Client side (JavaScript) and Server side (PHP). The supported encryption methods are Base 64, md5, sha1, sha256.

For full details on the PHP MDBitz Security and Authentication Framework (MDSecurity) please visit the official site